Constructing differentially 4-uniform permutations over f22k via the switching method

Abstract

Many block ciphers use permutations defined on f22k with low differential uniformity, high nonlinearity, and high algebraic degree as their S-boxes to provide confusion. It is well known that, for a function on ,f 2n the lowest differential uniformity is 2 and the functions achieving this lower bound are called almost perfect nonlinear (APN) functions. However, due to the lack of knowledge on APN permutations on f22k, differentially 4-uniform permutations are usually chosen as S-boxes. For example, the currently endorsed Advanced Encryption Standard chooses one such function, the multiplicative inverse function, as its S-box. By a recent survey on differentially 4-uniform permutations over f22k, there are only five known infinite families of such functions, and most of them have small algebraic degrees. In this paper, we apply the powerful switching method to discover many CCZ-inequivalent infinite families of such functions f 22k on with optimal algebraic degree, where k is an arbitrary positive integer. This greatly expands the list of differentially 4-uniform permutations and hence provide more choices for the S-boxes. Furthermore, lower bounds for the nonlinearity of the functions obtained in this paper are presented and they imply that some infinite families have high nonlinearity. © 2013 IEEE.